Merged
Conversation
During nvme connect-all, if a discovery log page record reports the sectype as anything other than NVMF_TCP_SECTYPE_NONE in nvmf_connect_disc_entry(), it then assumes that --tls should be default set for the same. But this holds true only for configured PSK TLS alone and not for generated PSK TLS. For generated PSK TLS connections using --concat (i.e. secure channel concat), this would lead to connection failures since both --tls and --concat are not to be invoked together. Fix this by distinguishing the two through their respective treq values and setting the appropriate --tls or --concat flags for each. Signed-off-by: Martin George <[email protected]> (cherry picked from commit 3f2ca96d77b1) Signed-off-by: Daniel Wagner <[email protected]>
--tls and --concat are mutually exclusive and not meant to be invoked together. So add an appropriate error message for the same. Signed-off-by: Martin George <[email protected]> (cherry picked from 75cfffcdf892) Signed-off-by: Daniel Wagner <[email protected]>
--concat requires a corresponding dhchap-secret key to be passed with it. So add an appropriate error message if this is not done. Signed-off-by: Martin George <[email protected]> (cherry picked from 62a3ec111d5d) Signed-off-by: Daniel Wagner <[email protected]>
Add additional debug messages when --tls and --concat is set respectively based on the treq and sectype fields for a given record in the discovery log page data during a nvme connect-all. This makes it easier to debug, otherwise can be quite confusing to the end user. Signed-off-by: Martin George <[email protected]> (cherry picked from f0dd975155f4) Signed-off-by: Daniel Wagner <[email protected]>
It is wrongly assumed that the presence of the sysfs tls_key attribute indicates --tls alone was invoked. But this can also happen if --concat was invoked as well. And both --tls and --concat are mutually exclusive. Also, both --tls and --concat are already appropriately set earlier during configured & generated PSK TLS workflows respectively. So avoid explicitly setting --tls again here in nvme_read_sysfs_tls() as that's unnecessary and incorrect too. Signed-off-by: Martin George <[email protected]> (cherry picked from f1818da3448f) Signed-off-by: Daniel Wagner <[email protected]>
Only --tls was properly updated in nbft_connect(), and not --concat. But this is properly done in nvmf_connect_disc_entry() already. So add a helper function to update both --tls and --concat and invoke the same from nvmf_connect_disc_entry() and nbft_connect() respectively. Signed-off-by: Martin George <[email protected]> [wagi: reformated the function to improve readability] (cherry picked from 99dd46fdff25) Signed-off-by: Daniel Wagner <[email protected]>
It is not possible to determine the active TLS mode from the presence or absence of sysfs attributes like tls_key, tls_configured_key, or dhchap_secret. With the introduction of the concat mode and optional DH-CHAP authentication, different configurations can result in identical sysfs state. This makes user space detection unreliable. Read the TLS mode used from the newly added sysfs entry. (cherry picked from d0c4d3aedb1c) Signed-off-by: Daniel Wagner <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
These are all backports from master fixing the concat feature.
nvme-cli 2.x and libnvme 1.x are still widely used, thus some fixes.